Kaspersky Managed Detection and Response

Viewing detailed information about incidents in MDR Web Console

20 May 2024

ID 257892

To view detailed information about incidents:

  1. In the MDR Web Console window, navigate to the Incidents menu item.

    The incident list opens.

  2. Click the row of the incident whose details you want to view.

    The incident page opens.

    The page title contains an incident identifier. Below the title there are four tabs:

    • Summary

      Contains general information on the incident.

    • Responses

      Contains information on responses to the incident.

    • Communication

      Contains information on communication and files related to the incident.

    • History

      Contains information on the incident changes.

    General information on the Summary tab starts with a brief incident summary. Additional information listed in this section includes:

    • Incident priority
    • Incident status
    • Incident resolution
    • Timestamps of the incident creation time and update time
    • MITRE Tactics
    • MITRE Techniques
    • Detection technology

    Below the incident summary, the following information is listed:

    • Affected assets
    • Asset-based IOCs
    • Network-based IOCs

    General information on the Summary tab concludes with a client description and a Close incident button.

  3. If you know that the incident is a duplicate or you are not going to resolve it, click the Close incident button.
  4. Refer to the Responses tab to view information on response requests.

    The information on the Responses tab is presented as a list. The columns of the list are:

    • Status
    • Asset ID
    • Type
    • Details
    • Comment
    • Changed by
    • Update time
  5. If you want to add a comment to an incident:
    1. On the Communication tab of the incident details page, type your comment in the text field.

      Markdown formatting and file attachments are supported. The maximum file size is 10 MB.

    2. Click the Send button.

      The comment is added to the Communication tab on the incident details page. You can edit or delete your comment within 10 minutes after you post it.

  6. Refer to the History tab to view information on the incident changes.

    Below the title there is a switch for showing changes related to:

    • All events
    • Only incidents
    • Only responses
    • Only communication

    Next to this switch, there are the following buttons:

    • The Columns button with a gear icon, to select which columns to show on the History tab.
    • The Filter button with a funnel icon, to show changes related only to the selected check boxes.
    • The Search button with a magnifying glass icon, to show changes related only to the entered words or characters.
